Multi-point authentication for payment transactions

ABSTRACT

Authentication for payment transaction includes receiving, by a point-of-sale (POS) terminal, an indication that a payment account of a cardholder is associated with a mobile device and receiving a second indication of physical possession of a payment card by a merchant. The authentication includes receiving a purchase request for an authorization of exchange from the payment account of the cardholder to the merchant and assigning a transaction identifier to the request for the authorization of the exchange. The authentication includes transmitting the request for authorization of the exchange from the cardholder payment account to the merchant and the transaction identifier. The authentication includes receiving an indication that an authentication identifier is associated with the transaction identifier. The authentication includes receiving a copy of the authentication identifier, facilitated by the cardholder. The authentication includes receiving validation that the copy of the authentication identifier matches the authentication identifier.

BACKGROUND

The present disclosure relates to payment authentication, and, morespecifically, to multi-point authentication for payment transactions.

Payment cards, such as debit and credit cards, have become nearlyubiquitous ways of paying for purchases. By using a payment card tied toa credit or debit account, as opposed to cash, certain security risksmay arise. As financial and privacy breaches have spread, security intransactions has become increasingly important. As a result, it can bebeneficial to increase security in many aspects of the usage of paymentcards and associated transactions.

SUMMARY

Embodiments of the present disclosure provide for a method, system, anda computer program product for multi-point authentication for paymenttransactions.

One embodiment is directed toward a method for multi-pointauthentication for payment transaction. The method includes receiving,by a point-of-sale (POS) terminal, a first indication that a paymentaccount of a cardholder is associated with a mobile device of thecardholder. The method also includes receiving, by the POS terminal, asecond indication of physical possession of a payment card by amerchant. The method also includes receiving, by the POS terminal, apurchase request for an authorization of an exchange of funds from thepayment account of the cardholder to the merchant. The method alsoincludes assigning, by the POS terminal, a randomized transactionidentifier to the request for the authorization of the exchange of fundsfrom the payment account of the cardholder to the merchant. The methodalso includes transmitting, by the POS terminal, the request for theauthorization of the exchange of funds from the payment account of thecardholder to the merchant and the assigned randomized transactionidentifier. The method also includes receiving by the POS terminal, anindication that a randomized authentication identifier is associatedwith the assigned randomized transaction identifier, from a paymentassociation, the payment association determining whether the request forthe authorization of the exchange of funds is valid. The method alsoincludes receiving, by the POS terminal, a copy of the randomizedauthentication identifier through the mobile device, facilitated by thecardholder, where the mobile device receives the randomizedauthentication identifier from the payment association, the paymentassociation determining whether the request for the authorization of theexchange of funds is valid. The method also includes receiving, by thePOS terminal, validation that the received copy of the randomizedauthentication identifier matches the randomized authenticationidentifier.

Another embodiment is directed toward a system for use with a hostpayment association server that is configured to validate transactionsof a payment account and communicate with a linked mobile device that isconfigured to validate payment transactions. The system includes one ormore computer processor circuits that are configured to host atransaction validation application. The transaction validationapplication is configured to receive, by a point-of-sale (POS) terminal,a first indication that a payment account of a cardholder is associatedwith a mobile device of the cardholder. The transaction validationapplication is also configured to receive, by the POS terminal, a secondindication of physical possession of a payment card by a merchant. Thetransaction validation application is also configured to receive, by thePOS terminal, a purchase request for an authorization of an exchange offunds from the payment account of the cardholder to the merchant. Thetransaction validation application is also configured to assign, by thePOS terminal, a randomized transaction identifier to the request for theauthorization of the exchange of funds from the payment account of thecardholder to the merchant. The transaction validation application isalso configured to transmit, by the POS terminal, the request for theauthorization of the exchange of funds from the payment account of thecardholder to the merchant and the assigned randomized transactionidentifier. The transaction validation application is also configured toreceive, by the POS terminal, an indication that a randomizedauthentication identifier is associated with the assigned randomizedtransaction identifier, from a payment association, the paymentassociation determining whether the request for the authorization of theexchange of funds is valid. The transaction validation application isalso configured to receive, by the POS terminal, a copy of therandomized authentication identifier through the mobile device,facilitated by the cardholder, where the mobile device receives therandomized authentication identifier from the payment association. Thetransaction validation application is also configured to receive, by thePOS terminal, validation that the received copy of the randomizedauthentication identifier matches the randomized authenticationidentifier.

Another embodiment is directed toward a computer program product formulti-point authentication for payment transactions.

The above summary is not intended to describe each illustratedembodiment or every implementation of the present disclosure.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The drawings included in the present application are incorporated into,and form part of, the specification. They illustrate embodiments of thepresent disclosure and, along with the description, serve to explain theprinciples of the disclosure. The drawings are only illustrative ofcertain embodiments and do not limit the disclosure.

FIG. 1 depicts a system for push payment authentication, according tovarious embodiments.

FIG. 2 depicts a system for pull payment authentication, according tovarious embodiments.

FIG. 3 depicts a system for payment authentication, according to variousembodiments.

FIG. 4 depicts a flowchart of a method for payment authentication,according to various embodiments.

FIG. 5 depicts a flowchart of a method for payment authentication,according to various embodiments.

FIG. 6 depicts a flowchart of a method for payment authentication,according to various embodiments.

FIG. 7 depicts a flowchart of a method for payment authentication,according to various embodiments.

FIG. 8 depicts a flowchart of a method for payment authentication,according to various embodiments.

FIG. 9 depicts a graphical user interface of an application on a mobiledevice for payment authentication, according to various embodiments.

FIG. 10 depicts a flowchart of a method for in-store pullauthentication, according to various embodiments.

FIG. 11 depicts a flowchart of a method for online pull authentication,according to various embodiments.

FIG. 12 depicts a flowchart of a method for in-store pushauthentication, according to various embodiments.

FIG. 13 depicts a flowchart of a method for online push authentication,according to various embodiments.

FIG. 14 depicts a block diagram of automated computing machinery,according to various embodiments.

While the invention is amenable to various modifications and alternativeforms, specifics thereof have been shown by way of example in thedrawings and will be described in detail. It should be understood,however, that the intention is not to limit the invention to theparticular embodiments described. On the contrary, the intention is tocover all modifications, equivalents, and alternatives falling withinthe spirit and scope of the invention.

DETAILED DESCRIPTION

Aspects of the present disclosure relate to payment authentication, and,more specifically, to multi-point authentication for paymenttransactions. While the present disclosure is not necessarily limited tosuch applications, various aspects of the disclosure may be appreciatedthrough a discussion of various examples using this context.

In order to more securely allow for a customer to use a payment card tomake a purchase, a mobile device, which belongs to or is rightfullypossessed by the customer, may be utilized. The mobile device may beutilized to validate and verify that a purchase is being made by acustomer who is the true cardholder, either through feedback on themobile device by the user, or by transferring data between the mobiledevice and a point-of-sale. Alternatively, the transfer of data mayoccur from a point-of-sale to the mobile device. Through the mobiledevice, facilitated by a cardholder, the payment association thatmaintains the payment card in question is contacted, in order tovalidate whether the purchase is authorized by the true cardholder. Thepayment association may send or receive an authentication identifier,which would ultimately return to the payment association from either thepoint-of-sale or the mobile device, and would be validated by thepayment association and authenticated if the received authenticationidentifier is correct. Otherwise the transaction may cancel, and nopotentially fraudulent transfer or purchase may be made.

In much of the world, credit or debit cards are commonly used to pay forpurchases, both in-store and online. During the process of making apurchase, especially during checkout, the security at a point-of-sale(POS) is often vulnerable and limited. The POS may require a cardholderto sign a physical receipt, a liquid-crystal display (LCD) card reader,or a touchscreen pad, or, alternatively, to enter a few-digit securitycode (e.g., a card verification value) found on the physical card itself(but generally not stored on the machine-readable magnetic stripe of thecard). In some cases, in-store purchases may not require any sort ofcardholder identification, and, for smaller purchases, may not evenrequire a signature. Even in cases where a signature is required, thePOS card readers' touchscreen quality, accuracy, and precision insignature recognition and reproduction is often so low that a customermay as well make a scribble or draw an “X” on the screen. The inputsignature generally lacks any usefully identifiable quality, renderingthe signature nearly superfluous. This has led to some customers simply“going through the motions” when a signature is required. Even assumingthe POS receives a perfect signature, however, the security given by asignature verification can only take effect after a sale has been made,and furthermore may only come into play once a purchase has beenofficially contested. This may cost time and money. It would bedesirable to avoid this situation altogether.

Widely-publicized retail security breaches related to payment andfinancial services have underscored various security concerns in today'smarketplace. During various breaches, names, addresses, card numbers,account numbers and even security codes for accounts and payment cardshave been stolen or copied from millions of customers. Continuingchallenges for merchants and consumers alike have since resulted.Security breaches of this sort often result from the loss ordissemination of sufficient information to allow others to effectivelyduplicate payment cards, especially if the information falls into thehands of a reasonably skilled and malicious hacker. Duplicate cards,either virtual or physical, under the current regime, could then beswiped or scanned at an in-store merchant or used for online purchases.

If a physical payment card is lost or if the card is duplicated, thestolen or duplicated card could be misused for at least as long as ittakes the true cardholder or the payment association to suspect misuseand cancel. During even a brief time, a large number of fraudulentpurchases could take place. Unfortunately, if illicit access is grantedto a hacker having a stolen or a duplicate card, for instance, a debitcard, the associated bank account could be completely depleted or evenoverdrawn. In the case of a credit card, a credit line may be maxed outor exceeded, leading to a variety of challenges for the true cardholder.The existing state of payment card security may cost consumers,merchants, and payment associations multiple millions of dollars eachyear, not only from direct losses, but also indirect losses stemmingfrom damage to trust and resulting reduction of repeat business.

To minimize the security exposures as well as reduce the overall cost ofdoing business for the merchants and payment associations, multi-pointsecurity solutions are proposed, as described herein. Separation of atransaction into different locales, as described herein, may result inan increase in security for the transaction. In this way, a transactionmay require not only a physical payment card, but also a mobile deviceassociated with the true holder of the payment card. Hackers, who stealnames, addresses, card or account numbers, and card verification value(CVV) codes would no longer have enough information to complete anytransaction, since the other component(s) of authentication would bereceived from another source.

According to various embodiments, today's mobile network andapplications (commonly referred to as “apps,” for short) may supply auser (e.g., a consumer, customer, shopper, or cardholder)transaction-specific authorization codes from the payment association(referred to herein generally as “pull authentication”) then in turnsupply that code to the merchant to complete a transaction. Anotherembodiment may involve using a mobile device on a network andapplication to receive a transaction identifier and authorizationidentifier from the merchant and transmit the identifiers to the paymentassociation (referred to herein generally as “push authentication”)using a mobile app on the mobile device.

According to various embodiments, a user may choose to or be required tocreate or set up an account with a payment association, with a uniquepassword and user name, on the website of the payment association. Insome cases, the user may also divulge other identifying information,such as biometric data or voiceprints. According to various embodiments,identifying information may include geospatial data. The user may alsoobtain and install a mobile application, which may enable multi-pointauthentication. For additional security, the mobile application passwordmay be made to be unique and different from the payment associationwebsite login user name and password, leading to even greater security.

As described herein, the eventual loss or misappropriation of paymentcard information by itself would not be enough for a user, legitimate ornot, to complete a transaction. By extension, even a true cardholder mayrequire additional authentication beyond a physical payment card,personal identification number, and/or signature to make a purchase.Stated differently, the credit or debit card number either swiped orentered online becomes, as described herein, a mere ante to start apurchase and no longer an all-in proposition.

Malicious or otherwise, hackers who in the past had stolen millions ofcredit card numbers from merchants or cardholders would now, asdescribed herein, effectively have useless payment card information, ifstanding alone. The hackers, not having the mobile device of the user,among other things, would not have the capacity to complete theremainder of the transaction authorization process through the mobileapp (provided the hackers did not steal the mobile device or gainunauthorized access to it), resulting in little or no damage tocardholder, merchant or payment association. Even a delay in the hackersaccessing a payment account or using a payment card may be enough for atrue cardholder to deactivate a payment account or change a payment cardnumber.

According to embodiments, a cardholder may be a person who haspossession of a physical payment card or the information stored on apayment card. A cardholder may also be referred to herein as a user,consumer, or customer, among others. The true cardholder, who is theauthorized and authentic payment card and payment account holder, mayalso have a mobile device associated with a payment account that isconfigured to communicate with a payment association and/or a merchantpoint-of-sale.

According to embodiments, a payment association may signify a financialservices company or companies. A payment association may facilitateelectronic funds transfers between parties, where the parties mayinclude consumers, banks, merchants, etc. A payment association, as usedherein, may also encompass various financial institutions, includingbanks, credit unions, and various others. A payment association, as usedherein, may also include various servers, devices, computers, and othermachines that may be used to facilitate financial services.Additionally, a payment association may include various employees orcontractors, performing various tasks and/or duties in the financialservices industry, related to one or more financial institutions,according to various embodiments.

According to embodiments, a payment card may refer to what is commonlyknown as a credit card or a debit card. A credit card may allow a userto make a purchase or receive a cash advance without a positive accountbalance, whereas a debit card may act like a check from a checking orsavings account, where the user has a positive balance that is debitedwhen a purchase is made.

According to embodiments, a payment account may refer to a financialaccount maintained by a payment association, where the payment accountis associated with a cardholder and a mobile device of the cardholder.The payment account may be a bank account, debit card account, a creditline associated with a credit card, or various other financial accounts.

According to embodiments, a point-of-sale (POS) or a POS terminal may bea location where a retail transaction is initiated and/or completed.Herein, a POS may denote a point-of-sale, or a point-of-sale terminal,according to various embodiments, and the terms may be usedinterchangeably throughout. For example, a customer may desire to make apurchase, the merchant may calculate the amount of money owed tocomplete the purchase, and the customer may make a payment to a retailmerchant to complete the transaction, once validated. A POS may existboth in physical form and in computer or Internet-based form. The POSmay contain other features, such as a personal identification number(PIN) pad, a magnetic stripe card reader, and/or a reader for cardsequipped with computer chips, among other things.

According to embodiments, a merchant, as used herein, may refer toeither a businessperson, business, or entity that trades in, sells, oroffers commodities or services, produced by the merchant or by others.The merchant may sell goods or services in small or large quantities andmay sell to few or many customers.

FIG. 1 depicts a system 100 for push payment authentication, accordingto various embodiments.

A payment association server 110 may be in communication with a mobiledevice 112 and a point-of-sale (POS) 116. The POS 116 may belong to amerchant, according to various embodiments. The POS 116 may also beeither physical, electronic, and/or virtual, e.g., an Internet-based webpage. The POS may also be in communication with the mobile device 112through a user 114. The user 114 may facilitate communication betweenthe POS 116 and the mobile device 112 by handling the mobile device 112,which may include scanning the mobile device and/or POS, or facilitatingcommunication by various other means.

The payment association server 110 may also be connected to a network,such as the Internet 118, as depicted. Alternatively, the paymentassociation server 110, mobile device 112, and the POS 116 may beconnected by way of an internet, or other computing network 118.

According to various embodiments, communication between variouscomponents may occur in a certain “direction,” or flow. Pushauthentication may refer to communication in a direction where the POS116 utilizes the user 114 to communicate with the mobile device 112. Themobile device 112 may then transmit data to a server of the paymentassociation 110. The server of the payment association 110 may transmitdata to the POS 116, including, but not limited to, an indication that atransaction has been authenticated, or the details of one or moretransactions.

The direction of communication is not intended to be construed asstrictly occurring in one direction, and may occur in multipledirections or between different components, according to variousembodiments.

FIG. 2 depicts a system 200 for pull payment authentication, accordingto various embodiments.

A payment association server 210 may be in communication with a mobiledevice 212 and a point-of-sale (POS) 216. The POS 216 may belong to amerchant, according to various embodiments. The POS 216 may also beeither physical or virtual, e.g., a web page. A virtual POS may includein-app purchases. An in-app purchase may include virtual-to-virtualapps, webpage-to-webpage, or device-to-device schemes.Webpage-to-webpage may include cross-platform use of hypertext markuplanguage (HTML). According to various embodiments, device-to-device mayinclude a mobile device 212 equipped with a card reader to facilitate atransaction. The POS may also be in communication with the mobile device212 through a user 214. The user 214 may facilitate communicationbetween the POS 216 and the mobile device 212 by handling the mobiledevice 212, which may include scanning the mobile device and/or POS, orfacilitating communication by various other methods. Various methods ofcommunication may include wireless data transfer using a radio frequency(RF). Examples of wireless data transfer may include radio-frequencyidentification (RFID), wireless fidelity (Wi-Fi), near-fieldcommunication (NFC), among others.

The payment association server 210 may also be connected to a network,such as the Internet 218, as depicted, according to various embodiments.Alternatively, the server of the payment association 210, mobile device212, and the POS 216 may be connected by way of any of various types ofnetworks or internets, such as the Internet 218, as described herein.

According to various embodiments, communication between variouscomponents may occur in a certain “direction,” or flow, as describedherein. Pull authentication may refer to communication in a directionwhere the mobile device 212 utilizes the user 214 to communicate withthe POS 216. The POS 216 may then transmit data to the paymentassociation server 210. The payment association server 210 may transmitdata to the mobile device 212. The payment association server 210 maytransmit data to the POS 216, including, but not limited to, anindication that a transaction has been authenticated.

The direction of communication is not intended to be construed asstrictly occurring in one direction, and may occur in multipledirections or between different components, according to variousembodiments.

FIG. 3 depicts a system 300 for payment authentication, according tovarious embodiments.

A payment association server 310 may be in communication with a mobiledevice 312 and a point-of-sale (POS) 316. The POS 316 may belong to amerchant, according to various embodiments. The POS 316 may also beeither physical, e.g., a POS equipped LCD touchscreen and/or physicalbuttons, or virtual, e.g., a web page. A user 314 may be incommunication with the POS 316 and the mobile device 312. The paymentassociation server 310, mobile device 312, and the POS 316 maycommunicate with one another through a network, such as the Internet318. Communication between various actors through the Internet 318 mayalso be accomplished through a cloud network, or other network.

According to various embodiments, the payment association server 310 andthe mobile device 312 may be in communication, both transmitting to andreceiving from each other. Likewise, the payment association server 310and the POS 316 may be in communication, both transmitting to andreceiving from each other. The user 314 may be in communication with themobile device 312, both transmitting and receiving and the user 314 mayalso be in communication with the POS 316, both transmitting andreceiving.

According to various embodiments, the user 314 may desire to make apurchase, where the user would authorize a transfer of payment from apayment account of the user 314 to a merchant at the POS 316. The POS316 may receive the indication of the desired purchase, of the user 314from the merchant, and may transmit the details of the desired purchaseto the server of the payment association 310. The server of the paymentassociation 310, after receiving the details of the desired purchase,may relay, by transmitting, the details of the desired purchase to themobile device of the user 312, and requesting affirmative confirmationbefore proceeding. If the user 314 signals to the mobile device 312,such as by pressing a physical or virtual touch screen button, oruttering a voice or other audible command, or various other methods, themobile device 312, may transmit the indication to the paymentassociation server 310. The user may communicate with the mobile devicethrough an application loaded on the mobile device. The mobile device312 may receive an indication from the user 314, or may interpret dataotherwise received from the user 314. Upon receiving the transmissionaffirming validity of the transfer of funds from the user 314 to themerchant, the payment association server 310 may authorize the releaseof funds and transfer the funds to the merchant. The POS 316 may thenreceive a transmission from the payment association server 310indicating that the transaction has been authorized. The merchant,through the POS or otherwise, may then receive indication that thetransaction has been validated, or that the funds have been transferred.The merchant may then transfer the goods to the user.

FIG. 4 depicts a flowchart of a method 400 for payment authentication,according to various embodiments.

According to various embodiments, a user may desire to purchase goodsand/or services from a merchant 410. Accordingly, the user may sign upfor secure internet access to a payment account 412. A user may thenload a secure application for payment account transactions on a mobiledevice 414. The user's desired transaction may then be validated 416,according to various embodiments. It may then be determined if thevalidation was successful 418. If the validation was successful, thepayment may be authorized and a payment association associated with thepayment account of the user may process the transaction and transfer theuser's funds to the merchant 422. If the validation is determined to nothave been successful 418, then the transaction is not authenticated andmay be canceled 420. If the transaction is canceled accordingly atoperation 420, then a fraud alert may be issued, indicated, and/ortransmitted, according to various embodiments.

FIG. 5 depicts a flowchart of a method 500 for payment authentication,according to various embodiments.

The method 500 for payment authentication may correspond to operation416 of FIG. 4, among others, according to various embodiments. A POS mayassign a transaction identifier (transaction ID) to a potential purchasefrom a merchant 512. Additionally, and in parallel to operation 512, apayment association associated with a payment account of a user maycreate an authentication identifier (authentication ID) for a particulartransaction assigned a transaction ID 514, which may be randomized. Whenthe POS has assigned the transaction ID 512 and the payment associationhas created an authentication ID, a copy of the authentication ID may betransmitted between the payment association and the merchant using amobile device, and a mobile device application 516, according to variousembodiments. The card association may then receive both the transactionID and a copy of the authorization ID 518. The payment association maythen validate the transaction if the authentication ID and associatedtransaction ID match the copy of the authentication ID for the sametransaction ID 520. Following operation 520, the method may continue tooperation 418 of FIG. 4, according to various embodiments.

FIG. 6 depicts a flowchart of a method 600 for payment authentication,according to various embodiments.

According to various embodiments, a process may begin, where anindication may be received, indicating that a payment account of acardholder (i.e., a user) is associated with a mobile device of acardholder 610. The cardholder 610 may be the same or similar to user114, 214, or 314, according to various embodiments. The mobile devicemay include a mobile device application, where the mobile deviceapplication is configured to communicate with a payment association anda payment account of the cardholder, according to various embodiments.The mobile device, as described herein, may be the same or similar to112, 212, 312, or 910, according to various embodiments. The paymentassociation may be the same or similar payment association thatmaintains the payment association server 110, 210, or 310, according tovarious embodiments.

According to various embodiments, the mobile device may be locked with aunique password known by the cardholder. The password may be a secretpassword known by the cardholder. The cardholder may create thepassword, or receive the password, according to various embodiments. Themobile device may also be locked to a biometric scan or other biometricqualities of the cardholder, according to various embodiments.

According to various embodiments, operation 610 may include receiving,by a point-of-sale (POS) terminal, an indication that a payment accountof a cardholder is associated with a mobile device of the cardholder.According to various embodiments, the POS terminal may be a physical POSterminal, an electronic POS (EPOS) terminal, or a computer-based,virtual POS terminal, among other types of points-of-sale. The POS maybe the same or similar to 116, 216, or 316, according to variousembodiments.

An indication of physical possession of a payment card may also bereceived 612. According to various embodiments, operation 612 mayinclude receiving, by the POS terminal, an indication of physicalpossession of a payment card by a merchant. According to variousembodiments, receiving an indication of physical possession of a paymentcard may include reading the payment card held by the user by swiping amagnetic stripe on the payment card, or reading a computer chip embeddedin the payment card, and receiving a personal identification number(PIN) corresponding to the payment card. The user may also hand thephysical payment card to a clerk of a merchant, and the clerk may swipethe payment card or enter the numbers of the payment card into a POS orother merchant hardware, according to various embodiments.Alternatively, an indication of physical possession of the payment cardmay be received where the payment card is not tangible to the POSterminal, and possession is instead inferred through the cardholderentering a unique payment card number, CVV, expiration date, nameprinted on card, or any other information that may be found on thephysical payment card.

A request for authentication of an exchange of funds from the paymentaccount of a cardholder to a merchant may then be received 614.According to various embodiments, operation 614 may include receiving,by the POS terminal, a purchase request for an authorization of anexchange of funds from the payment account of the cardholder to themerchant.

A random transaction ID may then be assigned to the request forauthentication 616. According to various embodiments, operation 616 mayinclude assigning, by the POS terminal, a randomized transaction ID tothe request for the authorization of the exchange of funds from thepayment account of the cardholder to the merchant.

The request for authentication may then be transmitted 618. According tovarious embodiments, operation 618 may include transmitting, by the POSterminal, the request for the authorization of an exchange of funds fromthe payment account of the cardholder to the merchant and the assignedrandomized transaction ID.

A randomized authentication ID associated with the random transaction IDmay then be received 620. According to various embodiments, operation620 may include receiving by the POS terminal, a randomizedauthentication ID associated with the assigned randomized transactionID, from a payment association, the payment association determiningwhether the request for the authorization of the exchange of funds isvalid.

A copy of the authentication ID may then be received through the mobiledevice, facilitated by a cardholder, after the mobile device receivedthe authentication ID 622. According to various embodiments, operation622 may include receiving, by the POS terminal, a copy of the randomizedauthentication ID through the mobile device, facilitated by acardholder, where the mobile device receives the randomizedauthentication ID from the payment association.

According to various embodiments, the randomized authentication ID maybe received through the mobile device, facilitated by a cardholder, byreading a one or two-dimensional barcode. According to variousembodiments, the randomized authentication ID may also be received by awireless transmission, or received visually or aurally.

Validation that the received copy of the authentication ID matches therandomized authentication ID may be received 624 and the process mayend. According to various embodiments, operation 624 may includereceiving, by the POS terminal, validation that the received copy of therandomized authentication ID matches the randomized authentication ID.Various embodiments may include completing a transaction in response tovalidation that the received copy of the randomized authentication IDmatches the randomized authentication ID.

According to various embodiments, a payment association computing devicemay perform various operations. The operations performed by the paymentassociation computing device may correspond to various operations610-624, according to various embodiments, but performed by the paymentassociation computing device in place of the POS terminal, althoughvarious other combinations not listed are also contemplated. Further,operations equivalent to 610-624 and variations thereof are contemplatedas performed by various other machines, devices, computers, etc.

According to various embodiments, the payment association computingdevice may receive an indication that a payment account of a cardholderis associated with a mobile device of the cardholder. According tovarious embodiments, the payment association computing device mayfurther receive indication of physical possession of a payment card by amerchant at a point-of-sale (POS) terminal. According to variousembodiments, the payment association computing device may furtherreceive a purchase request for an authorization of an exchange of fundsfrom the payment account of the cardholder to the merchant at the POSterminal.

According to various embodiments, the payment association computingdevice may further transmit an assigned randomized transaction ID and arandomized authentication ID to the POS terminal, where the assignedrandomized transaction ID and the randomized authentication ID are usedto determine whether the request for the authorization of the exchangeof funds is valid. The randomized transaction ID may be randomizedduring, before, or after an assignment process. Additionally, therandomized authentication ID may be randomized during, before, or afteran assignment process. The randomization and assignment for thetransaction ID and/or authentication ID may utilize a representationincluding number of alphanumeric characters, among other forms, and maybe stored in various memory or other computer-based storage, accordingto various embodiments. According to various embodiments, the paymentassociation computing device may further transmit, to the POS terminal,a copy of the authentication ID through the mobile device, facilitatedby a cardholder, where the mobile device receives the authentication IDfrom the payment association. According to various embodiments, thepayment association computing device may further transmit, to the POSterminal, validation that the received copy of the authentication IDmatches the authentication ID.

FIG. 7 depicts a flowchart of a method 700 for payment authentication,according to various embodiments.

According to various embodiments, a process may begin, where anindication may be received, indicating that a payment account of acardholder (i.e., a user) is associated with a mobile device of acardholder 710. The cardholder 710 may be the same or similar to user114, 214, or 314, according to various embodiments. The mobile devicemay include a mobile device application, where the mobile deviceapplication is configured to communicate with a payment association anda payment account of the cardholder, according to various embodiments.The mobile device, as described herein, may be the same or similar to112, 212, 312, or 910, according to various embodiments. The paymentassociation may be the same or similar payment association thatmaintains the payment association server 110, 210, or 310, according tovarious embodiments.

According to various embodiments, operation 710 may include receiving,by a point-of-sale (POS) terminal, an indication that a payment accountof a cardholder is associated with a mobile device of the cardholder.According to various embodiments, the POS terminal may be a physical POSterminal, an electronic POS (EPOS) terminal, or a computer-based POSterminal, among other types of points-of-sale. The POS may be the sameor similar to 116, 216, or 316, according to various embodiments.

According to various embodiments, the mobile device may be locked with aunique password known by the cardholder. The mobile device may also belocked to a biometric scan of the cardholder, according to variousembodiments.

An indication of physical possession of a payment card may also bereceived 712. According to various embodiments, operation 712 mayinclude receiving, by the POS terminal, an indication of physicalpossession of a payment card by a merchant. According to variousembodiments, receiving an indication of physical possession of a paymentcard may include reading the payment card held by the user by swiping amagnetic stripe on the payment card, or reading a computer chip embeddedin the payment card, and receiving a personal identification number(PIN) corresponding to the payment card. The user may also hand thephysical payment card to a clerk of a merchant, and the clerk may swipethe payment card or enter the numbers of the payment card into a POS orother merchant hardware, according to various embodiments.Alternatively, an indication of physical possession of the payment cardmay be received where the payment card is not tangible to the POSterminal, and possession is instead inferred through the cardholderentering a unique payment card number, CVV, expiration date, nameprinted on card, or any other information that may be found on thephysical payment card.

A request for authentication of an exchange of funds from the paymentaccount of a cardholder to a merchant may then be received 714.According to various embodiments, operation 714 may include receiving,by the POS terminal, a purchase request for an authorization of anexchange of funds from the payment account of the cardholder to themerchant.

A random transaction ID may then be assigned to the request forauthentication 716. According to various embodiments, operation 716 mayinclude assigning, by the POS terminal, a randomized transaction ID tothe request for the authorization of the exchange of funds from thepayment account of the cardholder to the merchant.

The request for authentication may then be transmitted 718. According tovarious embodiments, operation 718 may include transmitting, by the POSterminal, the request for the authorization of an exchange of funds fromthe payment account of the cardholder to the merchant and the assignedrandomized transaction ID.

A randomized authentication ID associated with the randomizedtransaction ID may then be received 720. According to variousembodiments, operation 720 may include receiving by the POS terminal, arandomized authentication ID associated with the assigned randomizedtransaction ID, from a payment association, the payment associationdetermining whether the request for the authorization of the exchange offunds is valid.

A copy of the authentication ID may then be transmitted to the mobiledevice, facilitated by a cardholder, after the POS received theauthentication ID 722. According to various embodiments, operation 722may include transmitting, by the POS terminal, a copy of the randomizedauthentication ID to the mobile device, facilitated by a cardholder,where the POS terminal receives the randomized authentication ID fromthe payment association 722.

According to various embodiments, the randomized authentication ID maybe received through the POS terminal, by reading a one ortwo-dimensional barcode. According to various embodiments, therandomized authentication ID may also be received by a wirelesstransmission, or received visually or aurally. The randomizedauthentication ID, if received by visual wireless transmission throughthe POS terminal, may be received through visual signals, codes, texts,symbols, light flashes, etc. The visual transmission may includetransmissions through light (i.e., electromagnetic radiation) in thehuman-visible regions of the electromagnetic spectrum, but may alsoinclude transmissions above or below what is visible to a human. Therandomized authentication ID, if received by aural wireless transmissionthrough the POS terminal, may be received through aural sounds, signals,etc., whether in the audible-to-human spectrum, above, or below. Inother words, sounds may be transmitted that are not typically audible toa human.

Validation that the received copy of the authentication ID matches therandomized authentication ID may be received 724 and the process mayend. According to various embodiments, operation 724 may includereceiving, by the POS terminal, validation that the received copy of therandomized authentication ID matches the randomized authentication ID.

Various embodiments may include completing a transaction in response tovalidation that the received copy of the randomized authentication IDmatches the randomized authentication ID.

According to various embodiments, a payment association computing devicemay perform various operations. The operations performed by the paymentassociation computing device may correspond to various operations710-724, according to various embodiments, but performed by the paymentassociation computing device in place of the POS terminal, althoughvarious other combinations not listed are also contemplated. Further,operations equivalent to 710-724 and variations thereof are contemplatedas performed by various other machines, devices, computers, etc.

According to various embodiments, the payment association computingdevice may receive an indication that a payment account of a cardholderis associated with a mobile device of the cardholder. According tovarious embodiments, the payment association computing device mayfurther receive an indication of physical possession of a payment cardby a merchant at a point-of-sale (POS) terminal. According to variousembodiments, the payment association computing device may furtherreceive a purchase request for an authorization of an exchange of fundsfrom the payment account of the cardholder to the merchant at a POSterminal.

According to various embodiments, the payment association computingdevice may further receive a randomized transaction ID to the requestfor the authorization of the exchange of funds. According to variousembodiments, the payment association computing device may furtherreceive, by the POS terminal, a request for an authorization of theexchange of funds from the payment account of the cardholder to themerchant. According to various embodiments, the payment associationcomputing device may further transmit to the POS terminal, therandomized transaction ID and a randomized authentication ID associatedwith the transaction ID, where the transaction ID and the randomizedauthentication ID are used to determine whether the request for theauthorization of the exchange of funds is valid.

According to various embodiments, the payment association computingdevice may further transmit, through the POS terminal, a copy of theauthentication ID to the mobile device. According to variousembodiments, the payment association computing device may furthertransmit, to the POS terminal, validation that the transmitted copy ofthe authentication ID from the mobile device matches the authenticationID.

FIG. 8 depicts a flowchart 800 of a method for payment authentication,according to various embodiments.

According to various embodiments, a process may begin, where it may bedetermined that a payment account is associated with a mobile device ofa cardholder (i.e., a user) 810. The cardholder 810 may be the same orsimilar to user 114, 214, or 314, according to various embodiments.According to various embodiments, operation 810 may include determining,by a payment association computing device, that a payment account of acardholder is associated with a mobile device of the cardholder.According to various embodiments, the payment association computingdevice may be a server. The mobile device may include a mobile deviceapplication, where the mobile device application is configured tocommunicate with a payment association and a payment account of thecardholder, according to various embodiments. The mobile device, asdescribed herein, may be the same or similar to 112, 212, 312, or 910,according to various embodiments. The payment association computingdevice may be the same or similar to the payment association server 110,210, or 310, according to various embodiments.

According to various embodiments, the mobile device may be locked with aunique password known by the cardholder, as described herein. The mobiledevice may also be locked to a biometric scan of the cardholder, asdescribed herein, according to various embodiments.

An indication of physical possession of a payment card may also bereceived 812. According to various embodiments, operation 812 mayinclude receiving, by the payment association computing device, anindication of physical possession of a payment card by a merchant.According to various embodiments, receiving an indication of physicalpossession of a payment card may include reading the payment card heldby the user by swiping a magnetic stripe on the payment card, or readinga computer chip embedded in the payment card, and receiving a personalidentification number (PIN) corresponding to the payment card. The usermay also hand the physical payment card to a clerk of a merchant, andthe clerk may swipe the payment card or enter the numbers of the paymentcard into a POS or other merchant hardware, according to variousembodiments. Alternatively, an indication of physical possession of thepayment card may be received where the payment card is not tangible tothe POS terminal, and possession is instead inferred through thecardholder entering a unique payment card number, CVV, expiration date,name printed on card, or any other information that may be found on thephysical payment card.

According to various embodiments, receiving an indication of physicalpossession of a payment card may be performed by the POS terminal.According to various embodiments, the POS terminal may be a physical POSterminal, an electronic POS (EPOS) terminal, or a computer-based POSterminal, among other types of points-of-sale. The POS may be the sameor similar to 116, 216, or 316, according to various embodiments.

A request for authentication of an exchange of funds from the paymentaccount of a cardholder to a merchant may then be received 814.According to various embodiments, operation 814 may include receiving,by the payment association computing device, a purchase request for anauthorization of an exchange of funds from the payment account of thecardholder to the merchant. According to various embodiments, therequest for the exchange of funds may represent a purchase.

An assigned randomized transaction ID to the request may then bereceived 816. According to various embodiments, operation 816 mayinclude receiving, by the payment association computing device, anassigned randomized transaction ID to the request for the authorizationof the exchange of funds. Information regarding the exchange may then betransmitted to the mobile device 818. According to various embodiments,operation 818 may include transmitting, by the payment associationcomputing device, to the mobile device, information regarding theexchange of funds assigned the randomized transaction ID.

A request for confirmation may then be transmitted to the mobile device820, according to various embodiments. According to various embodiments,operation 820 may include transmitting, by the payment associationcomputing device, to the mobile device, a request for confirmation. Thetransmitting of the request for confirmation may be transmitted to themobile device in response to transmitting the information regarding theexchange of funds, of the authorization from the cardholder from thepayment account of the cardholder to the merchant.

An indication may then be received through the mobile device,facilitated by a cardholder, indicating that the exchange of funds isauthorized 822. According to various embodiments, operation 822 mayinclude receiving, by the payment association computing device, anindication, through the mobile device. The indication received throughthe mobile device may be received in response to transmitting therequest for confirmation, that the exchange of funds assigned therandomized transaction ID from the payment account of the cardholder tothe merchant is authorized. According to various embodiments, operation822 may also include displaying the information regarding the exchangeof funds that has been assigned the randomized transaction ID to thecardholder on the mobile device.

The exchange of funds may be authorized if authorization is receivedfrom the mobile device 824, and the process may end. According tovarious embodiments, operation 824 may include authorizing, by thepayment association computing device, the exchange of funds assigned therandomized transaction ID from the payment account of the cardholder tothe merchant. The exchange of funds assigned the randomized transactionID may be authorized in response to the received indication that thecardholder authorizes the exchange of funds that has been assigned therandomized transaction ID from the payment account of the cardholder tothe merchant.

FIG. 9 depicts a graphical user interface 900 of an application on amobile device for payment authentication, according to variousembodiments.

Mobile device 910 may belong to a user, and the user may also be acardholder with an associated payment account and payment card.According to various embodiments, the mobile device 910 may be asmartphone, or other form of telephone. The mobile device 910 may alsobe any other form of mobile device, including a laptop computer, tablet,personal digital assistant (PDA), head-mounted device, wearable device,etc. The mobile device, as described herein, may be the same or similarto 112, 212, or 312, according to various embodiments.

According to various embodiments, a cardholder may desire to make apurchase at a merchant. The cardholder may be a customer, according tovarious embodiments. The cardholder may have a mobile device 910,according to various embodiments. The cardholder may desire to purchasea bicycle tire from a bicycle shop (a merchant) that the cardholder hasvisited in person. The cardholder may initiate a purchase with thebicycle shop, and indicate a desire to pay for the bicycle tire using acredit card (a payment card). A clerk at the bicycle shop may indicatethat there is a POS with which the cardholder may swipe his or her cardto initiate a purchase, or a self-checkout POS may be utilized. Uponswiping or otherwise scanning the cardholder's payment card, thecardholder's mobile device 910 may receive a message containing arequest for authorization 914. The request for authorization may alsoinclude various transaction data 912, including the name of themerchant, the address of the merchant, the amount of the merchant, etc.For example, in the embodiment shown, the merchant is listed as“Bubzki's Bike Shop,” the address is listed as “Minneapolis, Minn.,” andthe amount is listed as “$45.66.” The cardholder may study and confirmthe transaction data 912, and the cardholder may indicate whether thetransaction is authorized. The cardholder may indicate whether thetransaction is authorized by utilizing a button or multiple buttons 916located on a graphical user interface (GUI) of the mobile device. Forexample, the buttons 916 may include “Yes,” “No,” “Authorize,” “Cancel,”or various other indications that may be communicated to a paymentserver of a payment association, and may ultimately be transmitted tothe POS at the merchant, determining whether the cardholder's paymentwill be accepted, as described herein.

FIG. 10 depicts a flowchart of a method 1000 for in-store pullauthentication, according to various embodiments.

A user (or, a cardholder or a consumer) may sign up for Internet accessto a payment account 1010. The payment account and payment card may thenbe linked to a mobile device and a pull verification mobile deviceapplication may be downloaded, using a unique password for theapplication 1012. The user may manually start a purchase by swiping orscanning the payment card at a merchant point-of-sale (POS) 1014.

The merchant POS may then send a transaction ID and verification requestto an associated payment association of the card that was swiped 1016.The payment association may then send a unique authentication ID (ID)linked to the current transaction to the user's mobile application 1018.The authentication ID could be a variety of implementations including,but not limited to, a number, alphanumerics, or a one or two-dimensionalbarcode (such as a quick-reference “QR” code).

The user may then launch the pull verification application on the mobiledevice 1020. The user may then enter, scan or transmit theauthentication ID into the merchant's POS hardware 1022. The entered IDmay then be transmitted back to the payment association to validate thecombination of the payment card data, transaction ID, and authenticationID 1024. The payment association may process the data and may return atransaction validation 1026 notification back to the merchant tocomplete the transaction. If any of the data (e.g., payment card number,transaction ID, or authentication ID) is not consistent, then thetransaction may be rejected. Transaction validation 1026 may utilize aprocess similar to that described in FIG. 5, according to variousembodiments.

FIG. 11 depicts a flowchart of a method 1100 for online pullauthentication, according to various embodiments.

A user (or, a cardholder or a consumer) may sign up for Internet accessto a payment account 1110. The payment account and payment card may thenbe linked to a mobile device and a pull verification mobile deviceapplication may be downloaded, using a unique password for theapplication 1112. The user may start a purchase by entering the cardinformation of the payment card at a merchant web payment form 1114. Theuser may arrive at a “check-out” webpage and may accordingly fill in therequired payment card information. The user may click “apply” forprocessing the transaction.

The merchant may then send the transaction ID and transaction data tothe payment association for verification 1116. A response may betransmitted from the payment association to the merchant to proceed foradditional verification 1118. The merchant may then add or present a newform or one or more supplemental fields on the current form to capturean authentication code from the user 1120.

In parallel the payment association may send a unique authentication IDlinked to the current transaction to the user's mobile device and mobiledevice application 1122. The authentication ID could be a variety ofimplementations including but not limited to a number, alphanumerics, ora one- or two-dimensional barcode (e.g., a quick-reference (QR) code).The user may receive the sent unique authentication ID and then enterthe unique authentication ID that could be a number/word/phrase(alphanumeric) into the supplemental authentication form field of theweb payment form 1126. The user may then indicate, e.g., by clicking ortapping, “apply.”

The entered ID may then be transmitted back to the payment associationto validate the combination of the payment card data, transaction ID,and authentication ID 1128. The transaction may be validated, e.g., bythe payment association 1130. The validation of the transaction mayfollow a similar flow as FIG. 5, among others. After the paymentassociation has processed the data, the payment association may transmita notification of transaction validation back to the merchant POS,allowing the user to complete the transaction. The payment associationmay utilize one or more servers and/or clients in order to completevarious operations, including transaction validation. During transactionvalidation, if any of the data is not consistent, payment card number,transaction ID, and authentication ID then the transaction may berejected.

FIG. 12 depicts a flowchart of a method 1200 for in-store pushauthentication, according to various embodiments.

A user (or, a cardholder or a consumer) may sign up for Internet accessto a payment account 1210. The payment account and payment card may thenbe linked to a mobile device and a push verification mobile deviceapplication may be downloaded, using a unique password for theapplication 1212. A purchase may be started by the user swiping apayment card at a merchant point-of-sale (POS) 1214. The merchant POSmay then create and send a transaction identifier (ID) and a paymenttransaction request to the payment association of the card that wasswiped 1216.

The user, having the mobile device, may then launch the pushverification mobile device application, using the unique password forthe application 1218, according to various embodiments. The paymentassociation may alternatively assign and transmit a unique transactionID to the merchant POS, instead of the payment association receiving anassigned transaction ID from the merchant POS. The transaction ID couldbe a variety of implementations including but not limited to a number,alphanumerics, or a one or two-dimensional barcode (e.g., a quickreference (QR) code). The payment association may assign anauthentication ID to the transaction ID, and transmit the authenticationID to the merchant POS, which may await further or final authorizationand action from the user 1220. The user may then enter, scan, ortransmit the authentication ID into the mobile device application fromthe merchant's POS 1222.

The mobile device application may transmit the transaction ID andassociated authentication ID, or a hashed variation thereof, back to thepayment association as authentication for the transaction associatedwith the assigned transaction ID 1224. The transmission of thetransaction ID and/or associated authentication ID may serve asauthorization/acceptance of the current transaction during transactionvalidation 1226. The payment association may then signal the merchantthat the transaction is accepted. If any of the data (e.g., payment cardnumber, transaction ID, authentication ID, mobile response transactionor hashed transaction ID, or authentication ID) is not consistent, thenthe transaction may be rejected.

FIG. 13 depicts a flowchart of a method 1300 for online pushauthentication, according to various embodiments.

A user (or, a cardholder or a consumer) may begin by signing up forInternet access to a payment account 1310. The payment account andassociated payment card may then be linked to a mobile device and a pushverification mobile device application may be downloaded, using a uniquepassword for the application 1312.

A user may desire to make a purchase online, and the user may arrive ata merchant web payment form, e.g., a “check-out” webpage, and the usermay enter various required payment card information 1314. The user maythen click “apply” for processing, or “submit order,” according tovarious embodiments. The merchant POS may assign and then send atransaction ID and request to the payment association for a transfer offunds to complete the order of the user 1316.

The payment association may alternatively assign a transaction ID to therequest from the merchant POS. The payment association, whether or notit assigned the transaction ID, may transmit the transaction ID to themerchant 1318, according to various embodiments. The merchant maydisplays a new form or supplemental fields with transaction IDdisplayed. The transaction ID could be a variety of implementationsincluding but not limited to a number, alphanumerics, barcode, or QRcode. One or more web payment form fields may then be added 1320. Thetransaction ID may be displayed, according to various embodiments. Inparallel to operation 1318 and 1320, the user may launch the pushverification application on the mobile device 1322. Additionally, thepayment association may assign a randomized authentication ID and maytransmit the randomized authentication ID to the mobile application onthe mobile device of the user 1324.

From operation 1324 and/or 1320, according to various embodiments, theauthentication ID and/or transaction ID may be entered or scanned fromthe displayed merchant webpage to the mobile device 1326. Using themobile application the user may enter or scan the unique transaction IDdisplayed on the webpage. The mobile application may send theauthentication ID, the transaction ID, or hashed version of theauthentication ID or transaction ID back to the payment association forprocessing. The payment association may signal the merchant that thetransaction is valid. If any of the data (e.g., payment card number,authentication ID, or mobile response transaction or hashedauthentication ID) is not consistent, then the transaction may berejected.

FIG. 14 depicts a block diagram of automated computing machinery,according to various embodiments. The automated computing machinery mayrepresent a POS terminal, a payment association server, or a paymentassociation computing device, among others, according to variousembodiments. The example computing machinery may include a computer 1410useful in performing aspects of the disclosure, according to variousembodiments. The computer 1410 of FIG. 14 includes at least one computerprocessor 1418 or central processing unit (CPU) as well as random accessmemory 1415 (RAM) which is connected through bus adapter 1417 toprocessor 1418 and to other components of the computer 1410. Thecomputing machinery or the processor 1418 may include one or morecomputer processing circuits.

The RAM 1415 may include an authentication application 1414. Theauthentication application 1414 may access or control various functionsof the computer's 1400 RAM 1415, according to various embodiments. Theauthentication application's 1414 instructions and authentication andtransaction IDs 1434 may be stored to or read from data storage 1416,which may be a hard disk drive, according to various embodiments. Thememory controller's communications may be received from various moduleslocated in the RAM 1415.

The RAM 1415 may include a payment association module 1412. The paymentassociation module's 1412 instructions may be populated into the datastorage 1416. The authentication application 1414 may control when toauthenticate a payment transaction. The authentication application 1414may access a point-of-sale module 1406 and a payment association module1412, according to various embodiments. The point-of-sale module 1406may control oxide deposition during a FET-making process, according tovarious embodiments. The payment association module 1412 may controlvarious processes associated with a payment association during a paymentauthentication process, according to various embodiments. Thepoint-of-sale module 1406 and the payment association module 1412 may bestored in data storage 1416, according to various embodiments.Additional modules may be included in the authentication application1414, according to various embodiments.

The RAM 1415 may include an operating system 1419. Operating systemsuseful for record filtering according to embodiments of the presentdisclosure include UNIX®, Linux®, Microsoft XP™, AIX®, IBM's i5/OS™, andothers. The operating system 1419 is shown in RAM 1415, but manycomponents of such software typically are stored in non-volatile memoryalso, such as, for example, on a disk drive 1416.

The computer 1410 may also include disk drive adapter 1420 coupledthrough expansion bus 1432 and bus adapter 1417 to processor 1418 andother components of the computer 1410. Disk drive adapter 1420 connectsnon-volatile data storage to the computer 1410 in the form of disk drive(data storage) 1416. Disk drive adapters useful in computers includeIntegrated Drive Electronics (IDE) adapters, Small Computer SystemInterface (SCSI) adapters, Serial AT Attachment (SATA), and others.Non-volatile computer memory also may be implemented for as an opticaldisc drive, electrically erasable programmable read-only memory(so-called ‘EEPROM’ or ‘Flash’ memory), RAM drives, etc.

The data storage 1416 may include one or more storage devices in atiered or non-tiered configuration. The data storage 1416 may includeone or more memory chip thermal profile inputs that are received by theapplication and stored for later use by the authentication application1414 through RAM 1415.

The example computer 1400 may include one or more input/output (I/O)adapters 1422. I/O adapters implement user-oriented input/outputthrough, for example, software drivers and computer hardware forcontrolling output to display devices such as computer display screens1424, as well as user input from one or more user input devices 1426such as keyboards, mice, styli, or touchscreens, according to variousembodiments. The example computer 1400 may include a video adapter at1409, which is an example of an I/O adapter specially designed forgraphic output to a display device 1424 such as a display screen orcomputer monitor. The video adapter (I/O) would be connected toprocessor 1418 through a bus adapter 1417, and the front side bus 1428,which is also a high-speed bus.

The example computer 1410 includes a communications adapter 1430 fordata communications with other computers, for example, mobile device(s)1401, and for data communications with a data communications network1408. Such data communications may be carried out serially throughRS-232 connections, through external buses such as a Universal SerialBus (USB), through data communications networks such as IP datacommunications networks, and in other ways as will occur to those ofskill in the art. Communications adapters implement the hardware levelof data communications through which one computer sends datacommunications to another computer, directly or through a datacommunications network 1408. Examples of communications adapters includemodems for wired dial-up communications, Ethernet (IEEE 802.3) adaptersfor wired data communications network communications, and IEEE 802.77adapters for wireless data communications network communications.

The descriptions of the various embodiments of the present disclosurehave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of skill in theart without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to best explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of skill in the art to understand the embodiments disclosedherein.

The present invention may be a system, a method, and/or a computerprogram product. The computer program product may include a computerreadable storage medium (or media) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. The computerreadable program instructions may execute entirely on the user'scomputer, partly on the user's computer, as a stand-alone softwarepackage, partly on the user's computer and partly on a remote computeror entirely on the remote computer or server. In the latter scenario,the remote computer may be connected to the user's computer through anytype of network, including a local area network (LAN) or a wide areanetwork (WAN), or the connection may be made to an external computer(for example, through the Internet using an Internet Service Provider).In some embodiments, electronic circuitry including, for example,programmable logic circuitry, field-programmable gate arrays (FPGA), orprogrammable logic arrays (PLA) may execute the computer readableprogram instructions by utilizing state information of the computerreadable program instructions to personalize the electronic circuitry,in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or act or carry out combinations of special purpose hardwareand computer instructions.

The descriptions of the various embodiments of the present disclosurehave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the describedembodiments. The terminology used herein was chosen to explain theprinciples of the embodiments, the practical application or technicalimprovement over technologies found in the marketplace, or to enableothers of ordinary skill in the art to understand the embodimentsdisclosed herein.

What is claimed is:
 1. A system for use with a host payment associationserver that is configured to validate transactions of a payment accountand communicate with a linked mobile device that is configured tovalidate payment transactions, comprising: one or more computerprocessor circuits that are configured to host a transaction validationapplication that is configured to: receive, by a point-of-sale (POS)terminal, a first indication that a payment account of a cardholder isassociated with a mobile device of the cardholder; receive, by the POSterminal, after receiving the first indication, a second indication ofphysical possession of a payment card by a merchant; receive, by the POSterminal, a purchase request for an authorization of an exchange offunds from the payment account of the cardholder to the merchant;assign, by the POS terminal, a randomized transaction identifier to therequest for the authorization of the exchange of funds from the paymentaccount of the cardholder to the merchant; transmit, by the POSterminal, the request for the authorization of the exchange of fundsfrom the payment account of the cardholder to the merchant and theassigned randomized transaction identifier; receive by the POS terminal,an indication that a randomized authentication identifier is associatedwith the assigned randomized transaction identifier, from a paymentassociation, the payment association determining whether the request forthe authorization of the exchange of funds is valid; receive, by the POSterminal, a copy of the randomized authentication identifier through themobile device, facilitated by the cardholder, wherein the mobile devicereceives the randomized authentication identifier from the paymentassociation; and receive, by the POS terminal, validation that thereceived copy of the randomized authentication identifier matches therandomized authentication identifier.
 2. The system of claim 1, whereinthe POS terminal is a physical POS terminal.
 3. The system of claim 1,wherein the POS terminal is a computer-based POS terminal.
 4. The systemof claim 1, wherein the transaction validation application is configuredto receive, by the POS terminal, a copy of the randomized authenticationidentifier through the mobile device, visually.
 5. The system of claim1, wherein the transaction validation application is configured toreceive, by the POS terminal, a copy of the randomized authenticationidentifier through the mobile device, aurally.
 6. The system of claim 1,wherein the mobile device includes a mobile device application, whereinthe mobile device application is configured to communicate with thepayment association and the payment account of the cardholder.
 7. Acomputer program product comprising a computer readable storage devicehaving a computer readable program stored therein, wherein the computerreadable program, when executed on a computing device, causes thecomputing device to: receive, by a point-of-sale (POS) terminal, a firstindication that a payment account of a cardholder is associated with amobile device of the cardholder; receive, by the POS terminal, afterreceiving the first indication, a second indication of physicalpossession of a payment card by a merchant; receive, by the POSterminal, a purchase request for an authorization of an exchange offunds from the payment account of the cardholder to the merchant;assign, by the POS terminal, a randomized transaction identifier to therequest for authorization of the exchange of funds from the paymentaccount of the cardholder to the merchant; transmit, by the POSterminal, the request for the authorization of the exchange of fundsfrom the payment account of the cardholder to the merchant and theassigned randomized transaction identifier; receive by the POS terminal,an indication that a randomized authentication identifier is associatedwith the assigned randomized transaction identifier, from a paymentassociation, the payment association determining whether the request forthe authorization of the exchange of funds is valid; receive, by the POSterminal, a copy of the randomized authentication identifier through themobile device, facilitated by the cardholder, wherein the mobile devicereceives the randomized authentication identifier from the paymentassociation; and receive, by the POS terminal, validation that thereceived copy of the randomized authentication identifier matches therandomized authentication identifier.
 8. The computer program product ofclaim 7, wherein the computer readable program further causes thecomputing device to: receive, by the POS terminal, a copy of therandomized authentication identifier through the mobile device, by awireless transmission.
 9. The computer program product of claim 7,wherein the computer readable program further causes the computingdevice to: receive, by the POS terminal, a copy of the randomizedauthentication identifier through the mobile device, visually.
 10. Thecomputer program product of claim 7, wherein the computer readableprogram further causes the computing device to: receive, by the POSterminal, a copy of the randomized authentication identifier through themobile device, aurally.